summaryrefslogtreecommitdiff
path: root/modules/gallery/controllers/movies.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery/controllers/movies.php')
-rw-r--r--modules/gallery/controllers/movies.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 55bbb0e5..86b0f177 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -66,6 +66,8 @@ class Movies_Controller extends Items_Controller {
* @see REST_Controller::_update($resource)
*/
public function _update($photo) {
+ access::verify_csrf();
+ access::required("view", $photo);
access::required("edit", $photo);
$form = photo::get_edit_form($photo);
@@ -108,6 +110,7 @@ class Movies_Controller extends Items_Controller {
* @see REST_Controller::_form_edit($resource)
*/
public function _form_edit($photo) {
+ access::required("view", $photo);
access::required("edit", $photo);
print photo::get_edit_form($photo);
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-17 11:08:31 +0000